I'm definitely a newcomer; so, sorry for my naiveness.Yes, with http://whatever.whatever.xxx/download.php?f=filename.pdf I'm asked for usn/pwdBut, with http://whatever.whatever.xxx/filename.pdf I plainly get the filename.pdf

The idea is your direct (plain) file path should be unknown and you shouldn't expose it to the world. You only expose your "Yes" link.

If you'd like to avoid direct file access, you'll have to use url rewriting (if your server has mod_rewrite module loaded). Either add url rewrite rule for all your files , or place them in one folder and add one rule for all. I'm not good at rewriting rules, but rule will have to map urls of this structure http://example.com/some/folder/filename.ext to http://example.com/path/to/download.php?f=filename.ext

I'm definitely a newcomer; so, sorry for my naiveness.Yes, with http://whatever.whatever.xxx/download.php?f=filename.pdf I'm asked for usn/pwdBut, with http://whatever.whatever.xxx/filename.pdf I plainly get the filename.pdf

How to avoid this?

Thanks

alfalambda

Well, I don't - if I do not log in to the site, I get "404 Error File Not Found"